Editing and viewing an existing integration

You can view and edit settings of an existing integration in the Kaspersky Security Integration with SIEM window.

Editing an integration

To view and edit integration with Splunk Enterprise:

1. At the top of the Kaspersky Security Integration with SIEM window, click the name of the integration whose settings you want to view or edit.
2. In the Integration settings window that opens, select the required integration in the Select integration drop-down list.
3. Modify the following settings of the selected integration:
   • Integration name—Name of the selected integration. By default, the integration name is Integration with Splunk (syslog). You can edit this field, however, it cannot be blank.
   • You can click the View integration ID link under the integration name to view the identifier of the integration. You may have to provide this ID to Kaspersky Technical Support for diagnostics and troubleshooting.
   • Server—Address (URL or IP address) of your Splunk server.
   • Port—Port number to connect to your Splunk server.
   • Server certificate—Certificate of your Splunk server. Do either of the following:
     • Click Load from the server to automatically get the certificate from the specified Splunk server.
     • Click Load from a file and specify a file with the certificate.
   • Client certificate—Your certificate that will allow you to connect to the Splunk server. It is needed only if your server uses client certificates to restrict the set of available clients.

     Click Load from a file and specify a file with the certificate.

4. Click OK when you have finished editing the integration settings.

The system validates the specified settings. If the settings you provide are correct, they are saved and then used by Kaspersky Security Integration with SIEM to gain access to your Splunk Enterprise system.

The integration with Splunk Enterprise is edited and saved.

Page top